Professional Documents
Culture Documents
Analysis of Security Threats of Voip Systems
Analysis of Security Threats of Voip Systems
I Introduction
Voice over Internet Protocol (VoIP) [1] is one of the most im-
portant technologies in the world of communication. VoIP
is simply a way to make phone calls through broadband
internet Connection. Internet was initially considered to
transmit data traffic and it is performing this task really Figure 2: Voice Data flows between two end points
well [2, 3]. To transmit voice conversations over a data net-
work using IP, VoIP technology is used. Such data network ibility of VOIP it is also very important to analyze all the
may be the Internet or a corporate Intranet or managed security related issues at different levels of VOIP.
networks which are specially used by long distance and lo-
cal service traditional providers and ISPs (Internet Service
Provider). Voice over IP refers to the diffusion of voice traffic
1.1 VoIP Components
over internet-based networks. Voice over Internet Protocol VoIP consists of three essential components: CODEC
(VoIP) is a rapidly growing technology that enables trans- (Coder/Decoder), packetizer and play out buffer [1, 2]. At
port of voice over data networks such as Ethernet local area the sender side, an adequate sample of analogue voice sig-
networks (LANs) or internet [4, 5]. nals are converted to digital signals, compressed and then
This growth is due to the integration of voice and data encoded into a predetermined format using voice codec such
traffic over the existing networking infrastructure, low cost, as as G.711, G.729, G.723.1a, etc. Next packetization pro-
and improved network management offered by the technol- cess is performed which fragment encoded voice into equal
size of packets. Furthermore, in each packet, some protocol II Voice Over Internet Protocol
headers from different layers are attached to the encoded
voice. Protocol headers added to voice packets are Real- The history of VoIP began with conversations by a few com-
time Transport Protocol (RTP), User Datagram Protocol puter users over the Internet. Initially, VoIP required a
(UDP), and Internet Protocol (IP) as well as data link layer headset to be plugged into the computer, and the partic-
header. In addition, to this RTP and Real-Time Control ipants could only speak with others who had a similar set
Protocol (RTCP) were designed at the application layer to up. They had to phone each other ahead or sent a text
support real-time applications. message, in order to alert the user at the other end of the
incoming call and the exact time [4]. In its early stages, the
VoIP technology was not sufficiently mature. There was a
Although TCP transport protocol is commonly used in
big gap between the marketing structure and the technolog-
the internet, UDP protocol is preferred in VoIP and other
ical reality. It results in an overall agreement that technical
delay-sensitive real-time applications. TCP protocol is
shortages stopped any major transition to VoIP. The most of
suitable for less delay sensitive data packets and not for
the technical problems have been solved by VoIP technology
delay- sensitive packets due to the acknowledgement (ACK)
[5].
scheme that TCP applies. This scheme introduces delay as
receiver has to notify the sender for each received packet by
sending an ACK message. On the other hand, UDP does
not apply this scheme and thus, it is more suitable for VoIP
applications. The packets are then sent out over IP network
to its destination where the reverse process of decoding and
depacketizing of the received packets is carried out. During
the transmission process, time variations of packets delivery
(jitter) may occur. Hence, a playout buffer is used at the
receiver end to smoothen the playout by mitigating the in-
curred jitter. Packets are queued at the playout buffer for a
playout time before being played.
However, packets arriving later than the playout time are Figure 3: VOIP Signaling Protocols
discarded. The principle components of a VoIP system,
which covers the end-to-end transmission of voice, are il-
lustrated in Figure 1. There are signaling protocols of VoIP 2.1 What is VoIP?
namely Session Initiation Protocol (SIP) and H.323. These
signaling protocols are required at the very beginning to es- VoIP (Voice Over Internet Protocol) is an IP network based
tablish VoIP calls and at the end to close the media streams voice transmission technology, instead of the traditional ana-
between the clients [3]. H.323 was standardized by ITU-T log telephone line, it allows people to make telephone calls
specifically to smoothly work together with PSTN while SIP through broadband internet connections. In other words,
was standardized by Internet engineering task force (IETF) just installing network telephone software on the PCs at
to support internet applications such as telephony [6]. each end, people can talk through to each other through
the IP network. With the development of network technol-
ogy, network IP telephony grew from PC-PC to IP-PSTN,
In figure 2, VoIP protocol stack is illustrated. Further- PSTN-IP, PSTN- PSTN and IP-IP, etc. Here the common
more, in IP networks, IP addresses can be changed from characteristic is using the IP network as the transmission
one session to another, especially in dial-up case. Therefore, medium and this is satisfied by using VOIP as VOIP re-
there is a need for a common meeting point shared among quires less cost and same existing network to complete a
users to enable them finding each other at the establish- VOIP call [7].
ment stage of communication. This common meeting point
is generically known as a call server. This paper comprises
2.2 How does VoIP Work?
of six sections starting with Introduction, next section tells
about VOIP, how it works, its advantages and disadvan- VoIP is a technology to transmit analog voice signal through
tages. In section III we give different VOIP standards and the IP network. Simply speaking, it is accomplished by cod-
protocols and discusses two main protocols SIP and H.323 ing, compressing, packetization, etc, processes. After the
along with its architecture. Section IV tells us about vari- voice data are transmitted to the destination through the
ous security threats of VOIP. Section V discusses about SIP network, in order to be received at the receiving end, it will
security issues and proposes mechanisms to deal with such be re-assembled by the opposite processes. Here is how the
issues and finally concluding remarks is given in Section VI. VoIP transmission is completed.
Step 1: Voice to Digital Data Transformation • Cost Savings: Reduce the communication cost for the
Voice data is analog data, no matter in real time application users which means that the communication can be done
or unreal time application, to transfer voice data in the IP over private or internet data network line, instead of
packet, the first thing to do is to transform the voice data commercial telecommunications line.
from analog signal into the digital bit stream, that is digi-
talizing an analog voice signal. In Digitalization the source • Extendibility: VoIP can be extended easily to any
and destination must use the same coding algorithm, so that number of users and without any geographical bound-
the digitalized bit stream can be reverted to understandable ary limitation.
analog voice data. • Reuse-ability: The available resources can be reused.
Step 2: Digital Data to IP Transformation Available network can be used for VoIP implementa-
After digitalizing the voice data into bit stream, the next tion. Data and voice service are combined easily with
step is compressing and coding the voice packet into specific Rich media of services.
frames, this is done by using complex algorithms. Such as
if a coder uses 15ms frame, then the first 60ms packet will • Easy Implementation: Speech communications can
be divided into 4 frames and coded in order. After coding, be designed by computer networks companies within
the 4 frames will be compressed into one IP packet and sent any organization. Collaboration and integration with
to the network processor. The network processor will add other applications: This is because some protocols can
control header and payload in the voice packet, and send collaborate with other applications easily, so it can take
the voice packet to the destination through Internet. benefits from its properties.
Step 3: Transmission
• Mobility of the Service: The users can use the ser-
In this session, the entire network will receive the IP packet
vices from anywhere like voice mail, call features and
from the sender and transmit it to the destination within
so on.
a specific time, the time can be in different values within a
specific range, it reflects the jitter in the network transmis- • User Control Interface: Most of VoIP have user con-
sion process. Each node in the network checks the address trols interface or graphical user interface (GUI) like in
information in the IP data, and uses this information to send web, which make it easy to use.
the data to the next node. During the transmission, packets
can be lost, damaged, or have errors. In the ordinary data • Phone Portability: The users do not need to change
transmission, the lost/damaged data can be retransmitted, the communication details where ever they go on re-
but since VoIP is real time application, therefore a compli- move.
cated error detection or correction method is needed.
Step 4: IP Packet to Digital Data Transformation
The destination VoIP equipment starts to process the IP
III VoIP Standards and Protocols
packet after receiving it. A buffer is used to accommo-
date many voice IP packets. User can change the size of 3.1 VoIP Standards
the buffer, small buffer generates small latency, but can not With the growth of VoIP, new requirements are brought
adjust big jitter. Address informaion and other control in- forwarded, such as providing communication between a PC
formation will be removed, only the original data can be based soft phone and a phone on PSTN. Such requirements
reserved, the reserved original data will be sent to the de- strengthen the need for a standard for IP telephony. Same
coder, the decoder will decode and decompresse the voice as other technologies, there are various standards proposed
data into new voice data. to be accepted by the industry [8]. Two major standard
Step 5: Digital Voice to Analog Voice Transforma- bodies which govern the multimedia transmission over IP
tion network are:
Here just the reverse process of step 1 is done and analog
voice is received at the destination end. This process is de- • International Telecommunications Union (ITU).
picted in Fig.2. • Internet Engineering Task Force (IETF)[6].
3.2.1 Real-time Transfer Protocol used for synchronization, for ex., to synchronize audio and
video data in MPEG format. Apart from this sequence
Real-Time Transport Protocol (RTP) is an internet stan-
number is also used to detect data loss in packets of video
dard protocol, used to transfer real time data, such as audio
data. In RTP payload is used to indicate what mechanism
and video. It can be used for IP telephony. RTP includes
two parts: data and control. The control part is called Real
Time Control Protocol (RTCP). VoIP uses protocols such
as real-time protocol (RTP) and H.323 to deliver packets
over the internet. Each VoIP packet has an internet pro-
tocol (IP)/UDP/RTP header with a total size header, 40
bytes. G.711 and G.729 are he two widely used voice encod-
ing standards that are used with VoIP products [9]. Figure 5: RTP Data in IP Packet
• Real Time Protocol (RTP): It carries real time
data. It provides support for real-time applications, is used to coding/compressing the data, the receiving side
includes timing reconstruction, loss detection, security uses this identifier to choose correct mechanism for decod-
and content identification. [7] ing/decompressing the data. At one time, RTP can send
only one type of payload. Another function of payload is
• Real Time Control Protocol (RTCP): It carries source identification, it enables the receiving side to know
control information, the information is used to manage where the data come from. The following figure depicts the
the QoS. It provides supports for applications such as RTP data in IP packet.
real-time conference. The supports include source iden-
To set up RTP session, the application defines a pair of
tification, multicast-to-unicast translator, and different
destinations: network address and a pair of ports. In mul-
media streams synchronization [7].
timedia session, each medium use a separate session, thus
The RTP data structure is shown below: The real time data the RTCP can report the transmission quality separately.
Such as transmission of audio and video, audio and video
data use different RTP session, thus the receiver can choose
whether or not to receive one medium.
Figure 4: RTP Data Structure 3.2.3 Real Time Control Protocol (RTCP)
3.4 Session Initiation Protocol (SIP) SIP consists up of two types of entities: User agent (UA)
and Networkservers.
Another signaling protocol is Session Initiation Protocol User Agents (UA): SIP is a peer to peer protocol, the two
(SIP) which is used to create, manage and terminate ses- peers in a session are User Agents. The user agent consists
sions in an IP based network [9]. SIP has been used in VoIP of two functionalities: User Agent Client (UAC) and User
in the recent past, it is a standard put forwarded by Internet Agent Server (UAS). The UAC is used to initiate calls, the
Engineering Task Force (IETF). UAS responds to call requests, by exchanging request and
SIP is still growing and being modified to include other response, User Agent can initiate and cut off sessions be-
relevant features, but the job of SIP is limited to only set tween each other. User Agent Client is a client application
up sessions. Unlike H.323, SIP is not a complete proto- which is used to initialize a SIP request while User Agent
col for multimedia communication. Instead, SIP works to- Server is a server application, when User Agent Server gets
gether with other protocols to provide functionalities similar a request, it contacts the user and returns a response to the
to H.323. The relationship between SIP and other protocols User Agent in the name of the user. The UAC and the UAS
is shown in Fig.9. SIP is a session layer protocol, it has can be located on the same device such as an IP telephone.
two basic functions: signaling and session control. Signaling SIP calls can be made to another UA directly, or through
is used to translate signals between different networks and either the redirect server or the SIP proxy server [8].
Session control is used to control the attributes of the end Network Server: There are four types of SIP network
to end call. servers, they are registration server, location server, proxy
Figure 10: H.323 Call Setup Procedure 3.4.3 Media Gateway Control Protocol (MGCP)
Media Gateway Control Protocol (MGCP) is another pro-
tocol which is used to control the media gateways. MGCP
is created from other two protocols, Internet Protocol De- time, such as, ask the gateway to prepare connection ask the
vice Control (IPDC) and Simple Gateway Control Protocol gateway to start ring, ask the gateway to notify call agent
(SGCP). MGCP which is the extended H.323 gatekeeper when the phone goes off-hook. All these events can be done
model. MGCP handles the traffic between media gateway with one Create Connection command.
and the controller. It is the controller which performs con- (D) Modify Connection from call agent to gateway: This is
version from packet switched network to circuit switched done by the call agent to modify an established connection.
network. Call agent can use this command to change parameters, like
This is a master-slave protocol, the master has absolute activation, deactivation, change codec, packetization period,
control and the slaves just follow the commands. The master etc.
is the media gateway controller or soft switch, the slave is (E) Delete Connection from call agent to gateway: This is
the IP phone or VoIP gateway. This protocol is a contrast used by call agent to delete a connection.
to peer-to-peer protocol which means that the client cannot (F) Audit Endpoint from call agent to gateway is used to
establish connection with another client. MGCP is designed check if an end point is up.
to reduce the workload of the IP telephones so that the IP (G) Audit Connection from call agent to gateway: Call
telephones can be un-expensive and less complex. agent uses this command to get all the parameters of the
connection.
(H) Restart in Progress from gateway to call agent: Media
gateway uses this command to report to the call agent that
more than one end points have problem.[13].
The MGCP protocol architecture is given in Fig 12. The
key component in MGCP is Media Gateway (MG), it is
responsible for switch information between a packet based
network to a circuit based network, it also handles RTP me-
dia steams across the IP network. There are several types
of gateway in VoIP, they are trunking gateway, residential
gateway, access gateway, network access server, etc.
(a) Trunking Gateway: It is the interface between the
telephone network and the VoIP network. (b) Residential
gateway: It provides an analog interface to VoIP network.
Figure 13: SIP Call Setup Procedure (c) Access Gateway: It provides analog or digital PBX in-
terface for VoIP network. (d) Network Access Server: It
can be linked to a modem to a telephone circuit and provide
3.4.4 MGCP Overview internet access at the same time. Media Gateway Controller
IV Security Threats of VoIP client, they don’t know there is an intruder between them.
This attack is known as man-in-the-middle. Similarly, the
VoIP maximizes the usability of network, reduces cost and attacker can open entries on the network by accident or pur-
time, and provides new service opportunities. VoIP extends posily, this enables back door attack. Another by pretending
services to remote locations with lower cost. VoIP brings to be a service provider, the attacker can track the user to
new multimedia service opportunities, such as PC based call, connect to it and get sensitive information of the user. This
web- based multimedia conference [14].While VoIP brings attack is known as masquerading.
many benefits to us, it also put forward security problems
in front of us. The following section gives description of secu- 4.2 SIP Flooding Threat
rity issues in VoIP. There are many different methods which
can be used to attack VoIP. Some attacks try to steal infor- IP phones generate requests or responses to send to a spe-
mation while others attempt to shut down the network. The cific UA, called by victim. As a result, a single UA is over-
attacks to VoIP aim at confidentiality, integrity and avail- whelmed by receiving excessive SIP messages within a short
ability. duration of time, so that the UA cannot provide normal
Confidentiality: Confidentiality means the privacy of in- services. INVITE flooding is one of the most typical threat.
formation, sensitive information, such as username, pass- Basically, flooding attack is also the issue of IP layer. In
word, financial information, security information, etc, case of INVITE flooding, however, it could be more annoy-
should be protected. Usually, an attack to VoIP has the ing threat for the VoIP user because the one should see many
aim of destroying service, stealing service or destroying pri- call requests at the same time and hear ringing of calls.
vacy. In the traditional telephony system, there is physi-
cal protection for the information confidentiality, since it is 4.3 Spoofing Threat
difficult to reach the physical equipment, such as physical
telephone line, telephone switch. But in VOIP voice data Spoofing [15] can be done when an attacker searches to be
are transferred over Internet that means everybody with a someone else in order gain access to restricted resources or
computer and a modem has the ability to reach the voice steal information. This type of threat can take a variety
data. of different forms, for instance, an attacker can change the
Thus protection of confidentiality in VoIP is more difficult. protocols which are used as the Internet Protocol (IP). Also,
Attacker can make use of user authentication and authoriza- an attacker may send fraudulent emails and set up fake web-
tion tools to intrude system, share privilege with legal user, sites in order to capture user’s login names, passwords and
steal sensitive information, or gain unauthorized access to account information. A phishing attack is any fake email or
network resources. Integrity: Integrity of information means websites. Another type of spoofing involves setting up a fake
the information cannot be modified by unauthorized user. wireless access point and tricking victims into connecting to
For example, the bank account numbers can only be changed them through the unauthorized connection. There are two
by the user himself, or other security administrator. In VoIP kinds of spoofing threats which are possible, first one is IP
scenario, damage data integrity on the server may result in spoofing threat and another is URI spoofing threat.
the attack like denial of service. IP spoofing threat is a way for IP source addresses in
Availability: Availability means the service, information order to feign a trusted user. In URI spoofing threat the at-
or resource are always available when it is needed by autho- tacker who hijacked SIP messages between two UAs forges
rized user. Attacks to availability may result in bad service their URI field, so the attacker can hide himself from trace
quality or denial of service. In addition to this some other backs. If spoofed BYE requests (BYE DoS attack) are sent
threats are given below to a victim, then the call would be terminated by this at-
tacker. Spam over internet telephony (SPIT) is unwanted,
automatically dialed, prerecorded phone calls using Voice
4.1 Malformed Message Threat over Internet Protocol (VoIP). It is similar to E-mail spam.
Malformed Message Threat is one of the most representa- By IP spoofing or session hijacking, an attacker can access
tive cases using the vulnerabilities of text-based protocol. network in the name of a legal user. By using sniffer to
The attackers are able to cause malfunctions of proxy server get data from network, attacker can obtain information like
by manipulating SIP headers. For instance, overflow-space, username, password, and with these information to perform
overflow-null, specific header deletion and using non-ASCII further attack network vulnerable to eavesdropping.
code are involved in these malformed message threats. By
intercepting the messages transferred between server and 4.4 Denial-of-service (DoS) or VoIP Ser-
client, the attacker can get the public key, and then get mes-
vice Disruption
sages which are sent by the client, decrypt the message with
the key. After decryption of the message, the attacker can Many systems does not have authentication, so an attacker
modify the message and forward the message to the server, can log onto a computer which is on the VoIP network, and
or without modifying the message. For the server and the then the attacker send ARP flood to corrupt ARP caches.
ARP flood attack to the switch makes them flooding bad re- There is a list of several factors which makes the SIP inse-
quest to key component (such as server, gateway) in VoIP, cure.
the component may be crashed, and cannot provide ser- (i) Maturity: SIP is a relatively new standard.
vice to legal user, this attack is knows as Denial of Ser- (ii) Complexity SIP is not a complex protocol, but all the
vice (DoS).Denial-of-service (DoS) threats can affect any IP- necessary extensions make the SIP a complicated protocol.
based network service, and are the most challenging threat (iii) Encoding: SIP is text message protocol, and is easily
in VoIP applications. One type of attack in which packets visible to any sniffer.
can simply be flooded into or at the target network from (iv) Extensibility: SIP supports extensions, these features
multiple external sources is called a distributed denial-of are new but often weak from a security perspective.
service (DDoS) attack. SIP sessions are used by network elements for modifying,
terminating a session, and resource discovering. Therefore
SIP security such as authentication, Confidentiality and au-
4.5 Call Hijacking and Interception thorization is an essential element. Different attacks like
Call interception and eavesdropping are other major con- Denial of the services (DoS), Man in the middle, and ping
cern on VoIP networks which cause theft of information and attacks can cause security threats. To offer further integrity
services on VoIP networks. The existence of this threat in SIP used a built mechanism for protection against differ-
VoIP applications is because of the deficiency or absence of ent kind of attacks, and it relies on different protocol like
authentication measures. This threat demonstrates the need IPSec, Transport Layer Security (TLS) and Secure Mime
for security services that enable entities to authenticate the (S/MIME) [17].
originators of requests and to verify that the contents of
the message and control streams have not been altered in 5.1 SIP Threats
transit.
A SIP based system is vulnerable to common IP and VoIP
attacks. There are several security issues concern to SIP
4.6 H.323-Specific Attacks based VoIP system. The lists of attacks that are unique to
H.323 is signaling protocol in VoIP communications which is SIP are as follows:
encoded according to ASN.1 PER encoding rules. The im- Registration Hijacking: This threat occurs when an in-
plementation of H.323 massage parser, rather than the en- truder in the network impersonates a valid UA into a regis-
coding rules themselves cause vulnerabilities in H.323 suits. trar and replaces his address as a legitimate user. Then all
of the incoming calls send to the attacker legitimate address.
The Registration process normally uses UDP protocol that
4.7 Signaling Initiation Protocol (SIP)- provides a weak security mechanism. Most of the registrar
Specific Attacks just requires a simple username and password. It can eas-
ily be defeated by generating dictionary-style attacks. In
SIP is an unstructured text-based protocol which suffers dictionary- style attacks, an attacker needs just to know
vulnerabilities according to its encoding format, because it the username and then he steps through a list of built-base
is not possible to check all permutations of SIP messages passwords like enterprise name, office branch name or orga-
throughout development for security vulnerabilities. Since nization name. Some organizations use a shared mechan-
SIP protocol links other protocols and services together, it ically generated weak password such as an extension with
may cause other typical vulnerabilities in services such as additional word, so this way an attacker may learn one of
SSL, hypertext transfer protocol (HTTP), simple mail trans- enterprise’s passwords and then he may be able to learn all
fer protocol (SMTP) to occur in VoIP environment. In next of its passwords [18]. The Registration Hijacking Threat of
section we will concentrate on the SIP security threats and SIP is shown in Fig.13.
give measures to prevent it.
Proxy Impersonation: During communication with a a “BYE” messages by an attacker, may cause to tear down
rogue proxy these threat occur when an attacker/intruder the session [18]. This threat is shown in Fig.16.
tricks one of enterprise’s SIP servers (UA), if this attack
occurs successfully then the attacker can access all SIP mes-
sages and control on all SIP calls[18]. Proxy Impersonation
in SIP is shown in Fig.14.
Privacy requires an implementation of a set of secure inter- tion and integrity protection, confidentiality of SIP signal-
faces, which provide authentication, authorization and in- ing data. S/MIME relies heavily on the certification of the
tegrity. end user. Moreover self certification is vulnerable to man-
Confidentiality: Confidentiality can be achieved by using in-the-middle attack, so either the certificates from known
different encryptions techniques, which provide user authen- public certification authorities (CAs) or private CAs should
tication. For ex: a hash record key with a shared secret is be used, so the S/MIME mechanism is seriously limited.
used between the parties to prevent malicious users from IPSec: SIP uses IPSec to protect message exchanged be-
call monitoring. Such measures should be taken to get con- tween user agents. IPSec assumes a trusted relationship
fidentiality [20] between peers, and it can only be used in hop-to-hop mode.
Integrity: To protect the source of data we use Integrity Firewall/Network Address Translation (NAT): Fire-
that provides user authentication. It is used for origin in- walls are usually used to protect trusted network from
tegrity, and without integrity control, any non-trusted sys- un-trusted network. Firewalls usually work on IP and
tem has the ability to modify the different contents without TCP/UDP layer, it determines what types of traffic is al-
any notice. lowed and which system are allowed to communicate. Fire-
Authorization: Authorization requires querying a wall doesn’t monitor the application layer. Since SIP needs
database containing the basic account information for a sub- to open ports dynamically, this enhances the complexity of
scriber. This account information provides the public as well firewall, as the firewall must open and close ports dynami-
as private identities for the subscription, and all the services cally. Thus, NAT is used to preserve IP address. Also for a
the subscriber is authorized to access. secure session in VOIP we should take following measures
Authentication: Authentication requires the use of pass-
words and the exchange of credentials. Whenever a sub- • Use and maintain anti-virus and anti-spyware pro-
scriber registers his or her location with the network, the grams.
registrar should always challenge the initial registration.
Non-repudiation: It prevents subscribers from accessing • Do not open unknown attachments of mails which have
services and later denying that they used those services. If unknown or fake IDs.
the operator implements the right tools and audit systems,
• Verify the authenticity and security of downloaded files
you should have total visibility to every network transaction
and new software.
that takes place. It also includes any downloads that the
subscriber may have made. Above aspects of SIP security • Configure your web browser(s) properly by en-
was common and was used generally in the past. However, abling/disabling the necessary cookies.
some more security measures at the protocol level are pro-
posed. They are using HTTP digest authentication, using • Active firewall session in your network and always place
S/MIME for integrity protection, using RTP to encrypt data your back-up securely.
for confidentiality and using IPSec to provide signaling pro-
tection. • Create strong passwords and change them regularly and
HTTP Digest Authentication: SIP uses HTTP Digest do not disclose such information publicly.
Authentication method to authenticate data, such as pass-
word. HTTP Digest authentication offers one-way message In addition to this some mechanisms which can be used to
authentication and replay protection, but it doesn’t protect avoid such threats are:
message integrity and confidentiality. By transmitting an
MD5 or SHA-1 digest of the secret password and a ran- • To prevent message alteration established secured com-
dom challenge string, HTTP Digest can protect password. munication channel between communicating parties.
Although HTTP digest authentication has the advantage To prevent media alteration and degradation use SRTP
that the identity of the user is encrypted, and transmit- protocol.
ted in cipher text, but if the password is short or weak, by
• Another technique for preventing message tampering in
intercepting the hash value, the password can be decrypted
SIP is to send SIP message digitally signed to receiver.
easily. Another problem is that there is no encryption mech-
As a result, any modification in a SIP message can be
anism to ensure the confidentiality and the integrity of the
detected and discarded by the SIP server. Generally,
SIP message. Some SIP messages (such as ACK) doesn’t re-
digital signatures can protect SIP messages from any
quire response. Authentication for these messages is based
sort of tampering attack. For example send e-mails to
on the previous request that means an attacker can send a
anyone by using your digital signatures.
modified message to perform a DoS attack.
S/MIME: MIME bodies are inserted into SIP messages. • Use secured devices for communication and switching
MIME defines mechanisms for integrity protection and en- of voice as well as data.
cryption of the MIME contents. SIP can use S/MIME to
enable mechanisms like public key distribution, authentica- • Use Strong authentication and password at device level.
• Change defaults passwords and enable SIP authenti- [4] W. Flanagan, VoIP Signaling and Call Processing. Wiley,
cation. Use the devices which support SRTP cipher 2011. [Online]. Available: https://ieeexplore.ieee.org/xpl/
technique. articleDetails.jsp?arnumber=8043824
• Use VLAN with 802.1x in internet to split data and [5] William A. Flanagan, VoIP and Unified Communi-
voice traffic. cations Define the Future. Wiley, 2011. [Online].
Available: https://ieeexplore.ieee.org/xpl/articleDetails.
• Disable Telnet in the phone configuration, allow only jsp?arnumber=8043231
to administrators. [6] C.-Y. Wu, K.-P. Wu, J. Shih, and H.-M. Lee, “Voips: Voip
secure encryption voip solution,” in Security-Enriched Ur-
To avoid message tampering and voice pharming attack use
ban Computing and Smart Grid, R.-S. Chang, T.-h. Kim,
encrypted transmitted data using encryption mechanisms and S.-L. Peng, Eds. Berlin, Heidelberg: Springer Berlin
like IPsec, TLS and S/MIME. IPsec provide encryption of Heidelberg, 2011, pp. 84–93.
SIP message at network layer. IPsec supports both end to
end and hops to hops encryption. IPSec support Internet [7] T. Daengsi, N. Khitmoh, and P. Wuttidittachotti, “Voip
Key Exchange (IKE) protocol for key management. quality measurement: subjective voip quality estimation
model for g.711 and g.729 based on native thai users,”
Multimedia Systems, vol. 22, no. 5, pp. 575–586,
VI Conclusions Oct 2016. [Online]. Available: https://doi.org/10.1007/
s00530-015-0468-3
This paper is based on the security threats in VOIP. In the [8] M. Hruby, M. Olsovsky, and M. Kotocova, Solving VoIP
early days of VoIP, there was no big concern about security QoS and Scalability Issues in Backbone Networks. Dor-
related issues. People were mostly concerned with its cost, drecht: Springer Netherlands, 2013, pp. 537–549. [Online].
functionality and reliability. Now that VoIP is gaining wide Available: https://doi.org/10.1007/978-94-007-6190-2 41
acceptance and becoming one of the mainstream communi-
cation technologies, security has become a major issue. In [9] P. Wlodarski, “Quality of service for aggregated
voip streams,” in Software Engineering and Algorithms
this paper we have described what is VOIP, how it works, its
in Intelligent Systems, R. Silhavy, Ed. Cham: Springer
advantages, its standards and different protocols used in it in International Publishing, 2019, pp. 431–437.
detail. Then we concentrate on two main protocols SIP and
H.323 and discussed the various security threats that SIP [10] E. Imen, A. A. Imen, and M. Debyeche, “Framework for
protocol is concerned with and propose various mechanisms voip speech database generation and a comparaison of differ-
to prevent VOIP threats. We have also given measures that ent features extraction methodes for speaker identification
should be used and implemented on regular basis in VOIP on voip,” in 2015 3rd International Conference on Control,
networks in order to get prevention from such threats. Se- Engineering Information Technology (CEIT), May 2015, pp.
1–5.
curity measures in VOIP are in its beginning stage and a lot
of research has to do in this area. As the need and speed of [11] T. Sinam, I. T. Singh, P. Lamabam, N. N. Devi, and
the internet and data traffic will increase in future more new S. Nandi, “A technique for classification of voip flows in udp
threats will come into picture as now the attackers/hackers media streams using voip signalling traffic,” in 2014 IEEE
are not only threatening on the network level but also at International Advance Computing Conference (IACC), Feb
the protocol level. So a level based approach has to be used 2014, pp. 354–359.
both at the network level and at the protocol level to moni-
tor them and to take immediate preventive measures against
them.
REFERENCES
[1] S. Ganguly and S. Bhatnagar, Basics of VoIP. Wiley,
2008. [Online]. Available: https://ieeexplore.ieee.org/xpl/
articleDetails.jsp?arnumber=8045312